Ask OpenStack: Q&A Site for OpenStack Users and Developers - Latest question feedhttps://ask.openstack.org/en/questions/Questions and answers OpenStack CommunityenCopyright of the authors unless stated otherwiseThu, 09 Aug 2018 03:24:43 -0500Prevent users of same project to delete each others instanceshttps://ask.openstack.org/en/question/115662/prevent-users-of-same-project-to-delete-each-others-instances/ Hallo Everyone,
Is there a way to prevent users in the same project to delete each others instances?, I mean the user who created the instance should be able to delete his instance and admin too (not only admin) , but no one else.
to be more clear if there are 5 users in a project "Project1" they had created 5 instances from the dashboard, each owned by one, by default even if the users does not have access to each others instances they can still delete each others Instances from the dashboard. RobbyThu, 09 Aug 2018 03:24:43 -0500https://ask.openstack.org/en/question/115662/Tenent and User Behaviorhttps://ask.openstack.org/en/question/62624/tenent-and-user-behavior/Hi,
I am using Openstack IceHouse (3). I have a multi domain environment. I have a domain called "dom1" where I have a domain admin called as "dom1admin" and two users a and b with member roles. I have a VMWare provisioning environment from Openstack. There is a project called "proj-vmware" where these users can request for instances.
I see a behavior where
(a) user a requests for an instance in proj-vmware and user b is able to delete or modify it.
(b)dom1admin request for an instance in proj-vmware and either of a or b is able to delete it.
(c)the same thing happens with cinder as well for volumes.
I understand that this is the default behavior. Can we change this behavior to the following ?
(a) domain admin dom1admin can see / modify or delete any resources
(b)only owners (for users in member role) can see/modify/delete their own resources.
If this can be done through nova policy.json, please help me to do it. I donot want to create any new roles unless that is the only way to achieve this feat.ShivaTue, 10 Mar 2015 08:56:53 -0500https://ask.openstack.org/en/question/62624/